AssignmentFV1203 (IT & CAD)TASK 1: Review of types of security threats and software tools designed to protect computerIntroductionThis is the final report of a study, the purpose of which was to improve the computer security capability of the customer's systems. ThreatsScopeIn order to design the security of a system, it is necessary to understand the types of threats and attacks that can be mounted against a computer system, and how these threats may manifest' themselves. It is also important to understand the threats and their sources from the viewpoint of identifying other data sources by which the threat may be recognized.
To assist the reader, the following definitions are used in this paper: Threat: The potential possibility of a deliberate unauthorized attempt to: a) access informationb) manipulate informationc) render a system unreliable or unusableRisk: Accidental and unpredictable exposure of information, or violation of operations integrity due to malfunction of hardware or incomplete or incorrect software design. Vulnerability: A known or suspected flow in the hardware or software design or operation of a system that exposes the system to penetration of its information to accidental disclosure. Attack: A specific formulation or execution of a plan to carry out a threat. Penetration: A successful attack; the ability to obtain unauthorized (undetected) access to files and programs or the control state of a computer system. In considering the threat problem, the principal breakdown of threats is on the basis of whether or not an attacker is normally authorized to use the computer system, and whether or not a user of the computer system is authorized to use a particular resource in the system.
PenetrationIn many installations, the internal penetration is frequent than external penetrations.
This is true for a variety of reasons, not the least of which is the internal penetrator has overcome a major barrier to unauthorized access; that is, the ability to gain use of a machine. Computer systems play such a critical role in business, government, and daily life that organizations must take special steps to protect their Computer systems and to ensure that they are accurate and reliable. Lets discuss what are the various threats to Computer Systems. Why Systems are VulnerableWhen large amounts of data are stored in electronic form they are vulnerable to many more kinds of threats than when they exist in manual form.
They can stem from technical, organizational, and environmental factors compounded by poor management decisions. Advances in telecommunications and computer software have magnified these vulnerabilities. Through telecommunications networks, Computer systems in different locations can be interconnected. The potential for unauthorized access, abuse, or fraud is not limited to a single location but can occur at any access point in the network. Additionally, more complex and diverse hardware, software, organizational, and personnel arrangements are required for telecommunications networks, creating new areas and opportunities for penetration and manipulation.
Wireless networks using radio-based technology are even more vulnerable to penetration, because radio frequency bands are easy to scan. Wireless devices can form ad hoc networks that can be exploited by malicious entities to disrupt service, collect confidential information, and disseminate false information. Because wireless devices roam in and out of wireless zones, such attacks can be difficult to trace. The Internet poses special problems, because it was explicitly designed to be accessed easily by people on different computer systems.